Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Read only

Authenticate via Basic Auth or Client Certificate against a BTP Cloud Foundry CAP Application

kaio716
Explorer

on ‎2024 Aug 29 8:52 AM

0 Likes
1,107

Hello,

We would like to use the event notification options of C4C to send events directly to a CAP application in Cloud Foundry. Since only Basic Authentication and SSL Client Certificate are available in C4C for event notifications, the question arises whether it is even possible to authenticate to a CAP application via Basic Auth or Client Certificate. Our subaccount is connected to a Custom Identity Provider (Azure AD) and our CAP application uses “XSUAA” as authentication method.

Is there any way to use Basic Auth or Client Certificate to authenticate to a CAP backend service configured with “XSUAA” authentication method?

Many thanks in advance and best regards
Kai-Frederik Engel

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies

Accepted Solutions (0)

Answers (2)

Answers (2)

Willem_Pardaens
Product and Topic Expert
Product and Topic Expert
‎2024 Aug 30 7:53 AM
0 Likes

Event-Driven Architectures (EDA) typically don't have point-to-point channels but leverage brokers to distribute and route events to interested parties.

SAP Cloud solutions can leverage the SAP Event Broker for SAP Applications to publish events centrally. This is done via the creation of formations, see here: https://help.sap.com/docs/btp/sap-business-technology-platform/enabling-events-exchange-between-sap-... 

On the CAP side, where you'd subscribe to the events, development is ongoing to support the new SAP Event Broker for SAP Applications as additional broker next to the SAP Event Mesh. I suggest to keep an eye out for TechEd in October where the topic will be discussed and demonstrated, see: https://www.youtube.com/watch?v=m_YoqkECnGI 

Show replies
Show replies
gregorw
SAP Mentor
SAP Mentor
‎2024 Aug 30 6:56 AM
0 Likes

If you have a custom IAS connected via OpenID Connect to your BTP subaccount you can create a local user with confirmed E-Mail address and changed password there. This user can be used for basic authentication via the approuter when you configure a route with authenticationType basic.

Show replies
Show replies
kaio716
Explorer
‎2024 Sep 02 8:27 AM
0 Likes
Thank you for your contribution! We have currently connected Azure AD to our subaccount via SAML. Are there similar options for accessing routes from CAP services via XSUAA using Basic Auth/Client Cert?
gregorw
SAP Mentor
SAP Mentor
‎2024 Sep 02 11:51 AM
0 Likes
Basic Authentication doesn't work when the Azure AD is connected via SAML. IAS is a must. You do not want to use Basic Authentication with CAP in production.
Ask a Question